I was surfing the internet & apparently accidentally clicked on something, I don't know what. Suddenly I was receiving all sorts of popups & messages about programs installing.......

I immediately disconnected from the internet & tried to uninstall what I could. I think I have most everything under control, but I can't get rid of MegaBackup. It's still showing in my Programs & Features, my Program Files, etc. Unable to delete or rename.

The other thing that really has me concerned - I removed what I could & then restarted my computer. The original HP screen appeared (what came with the computer) & a small window appeared in the top left; it acted like it was a brand new computer. Naturally I panicked!! (Yes, I do have a backup hard drive & Carbonite, so no lectures please. I'm just not feeling like having to reinstall everything at this point in time). Anyhow, I restarted in Safe mode & my screen looks like it's supposed to. I downloaded HijackThis & have posted my log below.

Any advice is gratefully appreciated!! Thanks in advance for your time.

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.

If you don't know or understand something, please don't hesitate to ask.

Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.

Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"Remember, absence of symptoms does not mean the infection is all gone.

Please DO NOT run any other tools or scans whilst I am helping you.

Please DO NOT install any other software (or hardware) during the cleaning process.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.

I must admit I did try a few other things before I received your reply. I used my Malwarebytes & Glary Utilities programs. I had to run & restart a few times, but it looked (to me) like everything was removed.

However, I do not have much experience in this, & will defer to you for guidance.

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

Error: (11/17/2015 03:52:35 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Error: (11/17/2015 01:35:51 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2708) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (11/17/2015 00:30:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WindApp Uninstall.exe version 3.0.673.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

System errors:
=============
Error: (11/18/2015 11:39:17 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer KELI-TOSHIBALAP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4FAB951C-9F2A-41AC-97D4-16A630A5FCB2}.
The master browser is stopping or an election is being forced.

Error: (11/18/2015 11:35:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/18/2015 11:34:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/18/2015 11:34:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Hi,
Looks like the scans you ran did a good job of cleaning things up.
There are a few minor things in your logs that need to be dealt with, we will take care of those now.
Then to be sure we got everything i need you to run another scan for me.

Click Start

Type notepad.exe in the search programs and files box and click Enter.

A blank Notepad page should open.

Copy and Paste the following script into Notepad, Do not include the word Code:

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.

Right-click FRST.exe and select " Run as administrator " to run it.

Press the Fix button just once. Then wait.

When finished, it will create a Fixlog.txt log on your Desktop.

Please post the content of the Fixlog.txt in your next reply.
Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

First please Disable any Antivirus you have active, as shown in This topic.

Note: Don't forget to re-enable it after the scan.

Next hold down Control then click on the following link to open a new window to ESET online scannner

Quote:

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

When prompted allow the Add-On/Active X to install.

Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.

Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.

Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications

Scan for potentially unsafe applications

Enable Anti-Stealth Technology

Now click on Start.

The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

When completed the Online Scan will begin automatically.

Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

Now click on Finish.

Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

Logs you requested are below. Computer performance is about the same or slightly better. At least I don't seem to have any more nasties!! LOL HOwever, my computer is about 6 years old, so I don't expect lightning fast.